As some of you may have noticed, we started today to release publicly all abuse reports we receive, no matter the content or context, as well as a description about how we precisely respond to each of them.
This decision from our top management and agreed unanimously by our staff and our oldest customers, makes echo to an abuse we handled few weeks ago.
Some people accused us of placing our well being over the one of our customers. We beg to differ here. Proxy.sh is not here to cover your most illicit activities, it is here to ensure your privacy no matter where you are on this planet, and to bypass some of the domestic restrictions (either provided by law, culture or practice) you may experience in some parts of the globe.
But at any rate, it is not here to back you up if you provoke harm to other human beings such as through pedo-pornography or terrorist acts (either in the physical or virtual world). We clearly have no recommendation if you want to do the latter, and we actually do not believe you should be provided any privacy if you wish to do so, as by any way your actions are actually infringing the privacy of others.
What we did few weeks ago was in full compliance of this policy and it is precisely because we care about our customers’ privacy (and that of the public in general), that we decided to openly state the context and the resulting actions about this intervention (the first we did since we launched) and that was subsequently and often misleadingly reported in media.
Today, we would like to move even more forward and continue in the same spirit as this case, by officially launching our Transparency Report program. From now on, we will publish absolutely all the abuse notices we receive, as well as how (and why) we respond to them. We believe this will help our users both get alerted about what happens behind the scenes, as well as get secure in case some abuse might (wrongfully) affect them. We will never agree to act as a honey pot: let the bees be free, as one might say.
In this section you will see the way we respond to DMCA and other notices. We will try to keep you updated within 10 minutes to maximum 24 business hours about such notices as we receive them. Our intervention is provided in a spirit of utmost security and care about privacy. We will never take actions about precise accounts (actually without installing a monitoring software such as Wireshark we cannot do any monitoring as we both log and monitor nothing – and Wireshark will not even allow us to identify your account, but rather patterns related to the remote IP you are connecting from to our VPN – consider using TOR if you want to avoid this).
Because we choose of not being proprietary of our hardware (e.g. the cloud servers from which we operate our VPN), we can enjoy both flexibility of moving in and out but most importantly open recognizing of our uber privacy-friendly policies (in other words, host providers can provide the audit of our legal responses as well as to some extent, the security of our nodes – we are ready to allow hosts to respond to some security questions they can themselves confirm, as long as of course it does not compromise the smallest aspect of our technical security, such as checking out our VPS content, even in encrypted form as far as cold storage is involved). The leverage of not owning hardware is coped with encrypted kernel so only RAM processes are left in the open (impossibility to encrypt this further without user or maintenance inconvenience), hourly changing encryption keys and careful attention about any pattern that may identify a third party monitoring (yes, even a plug into the fiber might be detected these days but we will not explain how this can be done).
Now, this move was definitely not easy to take. We haven’t been thinking about it since we launched, it is true to recognize. We actually didn’t realize transparency was so important when we first launched. But as we grew and we analyzed competition, it became clear to us that transparency was precisely the element missing in this industry.
We looked at the answers and justifications provided by Private Internet Access and others - it was just silly (which is too bad because we reckon they provide good infrastructures). U.S. providers deny governmental involvement, but yet are forced by law to do so (they shall be forced to deny when they are asked about in some circumstances, not only forced to avoid publicly stating as we might have heard – see reality based application of USA PATRIOT Act of 2001 among several jurisdictions). Most worryingly, some of them reckon a hidden abuse report but do not detail about the essence nor the substance of it. This is truly what moved us to get the Transparency Report program started.
Another important facet to recognize is that we are not based in English speaking countries (North America, United Kingdom, etc.) except eventually for some of our evangelists (some of them involved in organizations themselves affiliated with competition, but that dislike such affiliation). This particular intonation has been reflected in our speeches and the way we write. We would like to hereby somehow apologize for the writing experience. We are no native English speakers and we do not employ copywriters. As a result, we may not feel as pertinent as the competition does, but we hope you will have the imagination to cope with this little cultural gap.
I, Lou, a former black-hat hacker and social engineering rockstar, would personally stand to say that this proves yet another time that we are operating from non-sensitive jurisdictions; and although one could say that the open world is getting tinier these days, we are still enjoying the right loopholes of globalization to provide the utmost experience of human rights protection.
In conclusion, we are happy to launch our Transparency Report program, which will aim at giving more details to our customers about what happens behind the scenes, while at the same time, hopefully, provoking a little bump to the VPN industry in order to clear out ambiguities and finally provide a decent level of transparency to customers.
NB: Just a small disclosure for our fans, within the next 8 to 10 weeks we will deploy a Bootstrap 3 upgrade of our panel, a milestone update of our encryption levels (RSA up to 4096-bit, Serpent and other combos), an improvement of all our clients (Windows, Mac, Linux, Android, iOS) as well as more extra services. “Stay tuned!”